Simulatenous use of LOG and ULOG on 2.6.14

Simulatenous use of LOG and ULOG on 2.6.14

[Menno Smits]

Hi,

I'm trying to use the LOG and ULOG targets simultaenously on 2.6.14 but 
am having problems. This used to work on previous kernel versions.

The setup is this:

- kernel configured without the new netlink stuff:
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_QUEUE=m
# CONFIG_IP_NF_TARGET_NFQUEUE is not set

- a daemon that uses the old ipulog library starts at boot time and is 
fed by several ULOG rules

- if I try and insert a LOG rule the iptables command appears to work 
but no logs go to syslog except the following message:
    ipt_LOG: not logging via system console since somebody else already
    registered for PF_INET

- if I stop the logging daemon, remove the ULOG rules and unload 
ipt_ULOG I can happily insert functional LOG rules again. However I need 
both LOG and ULOG simultaenously.

How do I make this work as before? I need to be able to use both ULOG 
and LOG at the same time. Will it work if enable 
CONFIG_NETFILTER_NETLINK and related options and port the daemon to the 
new libnetfilter_log library? I'd really prefer to not have to touch the 
daemon at this stage but will if that's the only answer.

Regards,
Menno




Scanned by the NetBox from NetBox Blue
(http://netboxblue.com/)

Re: Simulatenous use of LOG and ULOG on 2.6.14

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1472 bytes --]

On Mon, Nov 07, 2005 at 04:25:18PM +1000, Menno Smits wrote:
> Hi,
> 
> I'm trying to use the LOG and ULOG targets simultaenously on 2.6.14
> but am having problems.  This used to work on previous kernel
> versions.

this is no longer possible, since both now use the nf_log API.
Everything you log via LOG, ULOG or NFLOG will be sent to the nf_log
core.  At any given time, there can only be one backend registered to
nf_log.

The idea is that in the long term there will only be one LOG target that
everybody uses.

One thing that I've been thinking about, though, was having priorities.
So when you use ULOG/NFLOG and your daemon dies, it would fall back to
the LOG/dmesg backend, if that is available.

> How do I make this work as before? I need to be able to use both ULOG and LOG at the same 
> time. Will it work if enable CONFIG_NETFILTER_NETLINK and related options and port the 
> daemon to the new libnetfilter_log library? I'd really prefer to not have to touch the 
> daemon at this stage but will if that's the only answer.

no, it wouldn't be any different.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Simulatenous use of LOG and ULOG on 2.6.14

[Menno Smits]

Hi Harald,

> The idea is that in the long term there will only be one LOG target
> that everybody uses.

Ok, thanks for confirming this.

> One thing that I've been thinking about, though, was having
> priorities. So when you use ULOG/NFLOG and your daemon dies, it would
> fall back to the LOG/dmesg backend, if that is available.

Interesting idea but not too useful for us. We'd like to have syslogging
and ULOG/NFLOG at the same time.

The problem has been worked around by assigning a specific ULOG netlink
group for traffic to be "syslogged" and using a simple daemon to
collect, parse and log these packets.

>> How do I make this work as before? I need to be able to use both
>> ULOG and LOG at the same time. Will it work if enable
>> CONFIG_NETFILTER_NETLINK and related options and port the daemon to
>> the new libnetfilter_log library? I'd really prefer to not have to
>> touch the daemon at this stage but will if that's the only answer.
> 
> 
> no, it wouldn't be any different.

Great. I have since confirmed that this is true. Our existing logging
daemon still works.

Menno

Scanned by the NetBox from NetBox Blue
(http://netboxblue.com/)